> ## Documentation Index
> Fetch the complete documentation index at: https://docs.esperr.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit

> Tenant-scoped operator history and change tracking.

Audit entries answer:

* Who changed this?
* What changed?
* When did it change?

This is the authoritative history surface for control-plane changes.

## What gets logged

<Tip>
  **Audit Logging Heuristic**

  **Logged to audit:**

  * **Configuration changes**: Creating, updating, or deleting policies, actions, entities, mitigations
  * **Access changes**: Modifying tenant memberships, roles, or permissions
  * **Credential operations**: Creating or revoking API keys
  * **Tenant operations**: Creating, updating, or switching tenants
  * **Policy deployments**: Enabling or disabling policies in production

  **Not logged to audit:**

  * **Read operations**: Viewing policies, results, or configurations
  * **Runtime traffic**: Individual requests processed by policies
  * **System metrics**: Performance data, health checks, or monitoring
  * **Session activity**: Login attempts, token refreshes, or navigation
  * **Temporary operations**: Draft saves that aren't deployed
</Tip>

The audit log focuses on capturing intentional changes that affect how your system operates, not routine operational data.
